(feat): add webhook verfication support for hyperswitch webhooks

src/errors.ts

@@ -20,9 +20,8 @@ export const JsonSchemaError = BaseError.subclass("JsonSchemaError");
 export const MissingSaleorApiUrlError = BaseError.subclass("MissingSaleorApiUrlError");
 export const MissingAuthDataError = BaseError.subclass("MissingAuthDataError");
 export const ChannelNotConfigured = BaseError.subclass("ChannelNotConfiguredError");
-export const UnsupportedEvent = BaseError.subclass("UnsupportedEventError")
-export const HyperswitchHttpClientError = BaseError.subclass("HyperswitchHttpClientError"
-);
+export const UnsupportedEvent = BaseError.subclass("UnsupportedEventError");
+export const HyperswitchHttpClientError = BaseError.subclass("HyperswitchHttpClientError");
 export const HttpRequestError = BaseError.subclass("HttpRequestError", {
   props: {} as { statusCode: number; body: string; headers: IncomingHttpHeaders },
 });
@@ -91,5 +90,5 @@ export declare class ApiError extends Error {
   readonly status: number;
   readonly statusText: string;
   readonly data: any;
-  constructor(response: Omit<ApiResponse, 'ok'>);
-}
+  constructor(response: Omit<ApiResponse, "ok">);
+}

src/modules/payment-app-configuration/config-entry.ts

@@ -15,15 +15,18 @@ export const paymentAppConfigEntryEncryptedSchema = z.object({
   apiKey: z
     .string({ required_error: "Secret Key is required" })
     .min(1, { message: "Secret Key is required" }),
+  paymentResponseHashKey: z
+    .string({ required_error: "Payment Response Hash Key is required" })
+    .min(1, { message: "Payment Response Hash Key  is required" }),
 });
 
 export const paymentAppConfigEntryPublicSchema = z.object({
   publishableKey: z
     .string({ required_error: "Publishable Key is required" })
     .min(1, { message: "Publishable Key is required" }),
   profileId: z
-  .string({ required_error: "Profile ID is required" })
-  .min(1, { message: "Profile ID is required" }),
+    .string({ required_error: "Profile ID is required" })
+    .min(1, { message: "Profile ID is required" }),
 });
 
 export const paymentAppConfigEntrySchema = paymentAppConfigEntryEncryptedSchema
@@ -43,6 +46,7 @@ export const paymentAppFullyConfiguredEntrySchema = z
     configurationName: paymentAppConfigEntryInternalSchema.shape.configurationName,
     configurationId: paymentAppConfigEntryInternalSchema.shape.configurationId,
     apiKey: paymentAppConfigEntryEncryptedSchema.shape.apiKey,
+    paymentResponseHashKey: paymentAppConfigEntryEncryptedSchema.shape.paymentResponseHashKey,
     publishableKey: paymentAppConfigEntryPublicSchema.shape.publishableKey,
     profileId: paymentAppConfigEntryPublicSchema.shape.profileId,
     // webhookSecret: DANGEROUS_paymentAppConfigHiddenSchema.shape.webhookSecret,
@@ -57,6 +61,7 @@ export const paymentAppFormConfigEntrySchema = z
       "snd_",
       "This isn't Hyperwitch api key, it must start with snd_",
     ),
+    paymentResponseHashKey: paymentAppConfigEntryEncryptedSchema.shape.paymentResponseHashKey,
     publishableKey: paymentAppConfigEntryPublicSchema.shape.publishableKey.startsWith(
       "pk_",
       "This isn't publishable key, it must start with pk_",
@@ -65,17 +70,18 @@ export const paymentAppFormConfigEntrySchema = z
       "pro_",
       "This isn't publishable key, it must start with pro_",
     ),
-    configurationName: paymentAppConfigEntryPublicSchema.shape.profileId.startsWith(
+    configurationName: paymentAppConfigEntryInternalSchema.shape.configurationName.startsWith(
       "con_",
       "This isn't publishable key, it must start with con_",
     ),
   })
   .strict()
   .default({
     apiKey: "",
+    paymentResponseHashKey: "",
     publishableKey: "",
     profileId: "",
-    configurationName: ""
+    configurationName: "",
   });
 
 /** Schema used in front-end forms

src/modules/payment-app-configuration/payment-app-configuration.router.ts

@@ -61,10 +61,17 @@ export const paymentAppConfigurationRouter = router({
     add: protectedClientProcedure
       .input(paymentAppFormConfigEntrySchema)
       .mutation(async ({ input, ctx }) => {
-        const {configurationName, apiKey, publishableKey, profileId} = input;
+        const { configurationName, apiKey, paymentResponseHashKey, publishableKey, profileId } =
+          input;
         ctx.logger.info("appConfigurationRouter.paymentConfig.add called");
         ctx.logger.debug(
-          { configurationName, apiKey: redactLogValue(apiKey), publishableKey: redactLogValue(publishableKey),  profileId:(profileId)},
+          {
+            configurationName,
+            apiKey: redactLogValue(apiKey),
+            paymentResponseHashKey: redactLogValue(paymentResponseHashKey),
+            publishableKey: redactLogValue(publishableKey),
+            profileId: profileId,
+          },
           "appConfigurationRouter.paymentConfig.add input",
         );
         invariant(ctx.appUrl, "Missing app url");
@@ -77,13 +84,15 @@ export const paymentAppConfigurationRouter = router({
       .output(paymentAppUserVisibleConfigEntrySchema)
       .mutation(async ({ input, ctx }) => {
         const { configurationId, entry } = input;
-        const {apiKey, publishableKey, profileId,  configurationName} = entry;
+        const { apiKey, paymentResponseHashKey, publishableKey, profileId, configurationName } =
+          entry;
         ctx.logger.info("appConfigurationRouter.paymentConfig.update called");
         ctx.logger.debug(
           {
             configurationId,
             entry: {
               apiKey,
+              paymentResponseHashKey,
               publishableKey,
               profileId,
               configurationName,

src/modules/payment-app-configuration/utils.ts

@@ -9,10 +9,11 @@ import {
 export const obfuscateConfigEntry = (
   entry: PaymentAppConfigEntry | PaymentAppUserVisibleConfigEntry,
 ): PaymentAppUserVisibleConfigEntry => {
-  const { apiKey, publishableKey, profileId, configurationName, configurationId} = entry;
+  const { apiKey, paymentResponseHashKey, publishableKey, profileId, configurationName, configurationId} = entry;
 
   const configValuesToObfuscate = {
     apiKey,
+    paymentResponseHashKey
   } satisfies PaymentAppEncryptedConfig;
 
   return paymentAppUserVisibleConfigEntrySchema.parse({

src/modules/ui/organisms/AddHyperswitchConfigurationForm/AddHyperswitchConfigurationForm.tsx

@@ -31,6 +31,7 @@ export const HyperswitchConfigurationForm = ({
     defaultValues: {
       publishableKey: "",
       apiKey: "",
+      paymentResponseHashKey: "",
       profileId: "",
       configurationName: "",
     },

src/modules/ui/organisms/AddHyperswitchConfigurationForm/AddHyperswitchCredentialsForm.tsx

@@ -160,6 +160,14 @@ export const AddHyperswitchCredentialsForm = ({
           name="profileId"
           size="medium"
         />
+        <FormInput
+          control={control}
+          type="password"
+          autoComplete="off"
+          label="Payment Response Hash Key"
+          name="paymentResponseHashKey"
+          size="medium"
+        />
       </Box>
     </RoundedBoxWithFooter>
   );

src/modules/webhooks/transaction-cancelation-requested.ts

@@ -69,6 +69,7 @@ export const TransactionCancelationRequestedWebhookHandler = async (
   const HyperswitchConfig = paymentAppFullyConfiguredEntrySchema.parse(appChannelConfig);
   const hyperswitchClient = createHyperswitchClient({
     apiKey: HyperswitchConfig.apiKey,
+
   });
 
   const cancelHyperswitchPayment = hyperswitchClient